Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1Bhs-00F63g-VT for pgsql-general@arkaria.postgresql.org; Wed, 16 Oct 2024 21:37:24 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1t1Bhr-00AiYl-87 for pgsql-general@arkaria.postgresql.org; Wed, 16 Oct 2024 21:37:23 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1Bhq-00AiYU-T8 for pgsql-general@lists.postgresql.org; Wed, 16 Oct 2024 21:37:23 +0000 Received: from momjian.us ([72.94.173.45]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1Bho-001QHO-RL for pgsql-general@lists.postgresql.org; Wed, 16 Oct 2024 21:37:22 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=momjian.us; s=2024011501; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description; bh=7pM2zrEGd1ZjuHrK++WXafZ4Zdsfjin2ntxFc6rreSg=; b=dW/b6 FQZ+TKPpZ6yNVmuUFzinpJbjMwXVUgkAoKIcqjsvWqj6C8CQQhEmajSw5a38yz4iQEgoohkqY4QOP MZqZZsz2qjRYZSl+g68bkxFCZYudxyTLWWZpYLTSDZVosnY6aSnRfUAUvD/nLif0HVKAmdIzEe/Pp bvnKDpqzR8rZr8/56TvJoK5c8f2Y3KUWYJpxXFgCjP17URykapSYyQlSSIhqRcKJGU9KlUvfMPUPj LDE9b7+ylFsaAC9mjNz8YY04v8hEW7TqgeWuu5OLW95XDnFWHorJMhwfjYEnh1X6ADWvurq08dnJm yHE1ZUaE4Mo6sU0ekmqpnn3xWsHuQ==; Received: from bruce by momjian.us with local (Exim 4.96) (envelope-from ) id 1t1Bhn-009X4B-1k for pgsql-general@lists.postgresql.org; Wed, 16 Oct 2024 17:37:19 -0400 Date: Wed, 16 Oct 2024 17:37:19 -0400 From: Bruce Momjian To: pgsql-general@lists.postgresql.org Subject: Re: What are best practices wrt passwords? Message-ID: References: <87o73kgzkd.fsf@mbork.pl> <87frowggzq.fsf@mbork.pl> <186766.1729097245@sss.pgh.pa.us> <20241016212715.b5ioj7pwfeoqzkzm@hjp.at> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20241016212715.b5ioj7pwfeoqzkzm@hjp.at> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Wed, Oct 16, 2024 at 11:27:15PM +0200, Peter J. Holzer wrote: > On 2024-10-16 09:50:41 -0700, Christophe Pettus wrote: > > > On Oct 16, 2024, at 09:47, Tom Lane wrote: > > > I believe it depends on your platform --- some BSDen are pretty > > > permissive about this, if memory serves. On a Linux box it seems > > > to work for processes owned by yourself even if you're not superuser. > > > > I just tried it on an (admittedly kind of old) Ubuntu system and MacOS > > 14, and it looks like shows everything owned by everyone, even from a > > non-sudoer user. > > On Linux, unprivileged users can only see the environment of their own > processes since a *very* long time ago. Possibly even before Ubuntu even > existed. So I'm somewhat sceptical about that. Some other Unixes were > more permissive. I don't know what camp MacOS falls into. Yes, I thought this was fixed long ago. -- Bruce Momjian https://momjian.us EDB https://enterprisedb.com When a patient asks the doctor, "Am I going to die?", he means "Am I going to die soon?"